openshift / osin

Golang OAuth2 server library
BSD 3-Clause "New" or "Revised" License

Fix dependencies, add the organizational build machinery and use constant time comparisons for client secrets #200

Closed stlaz closed 3 years ago

openshift-ci-robot commented 4 years ago

@stlaz: This pull request references Bugzilla bug 1720269, which is invalid:

Comment /bugzilla refresh to re-evaluate validity if changes to the Bugzilla bug are made, or edit the title of this pull request to link to a different bug.

In response to [this](https://github.com/openshift/osin/pull/200):

> Bug 1720269: Use constant time comparisons for client secrets

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
stlaz commented 4 years ago

/retest

openshift-ci-robot commented 4 years ago

@stlaz: The following test failed, say /retest to rerun all failed tests:

| Test name | Commit | Details | Rerun command |
|---|---|---|---|
| ci/prow/unit | 24572ccd884f9c1ed5ab71132752d3e8c368d8e2 | link | /test unit |

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).
openshift-ci-robot commented 4 years ago

@stlaz: No Bugzilla bug is referenced in the title of this pull request. To reference a bug, add 'Bug XXX:' to the title of this pull request and request another bug refresh with /bugzilla refresh.

In response to [this](https://github.com/openshift/osin/pull/200):

> Use constant time comparisons for client secrets
openshift-bot commented 4 years ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

openshift-bot commented 4 years ago

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten. Rotten issues close after an additional 30d of inactivity. Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale

stlaz commented 3 years ago

/remove-lifecycle rotten

stlaz commented 3 years ago

/approve
let's see if the config finally works
looks like fixing the unit test config would be the next thing to do

stlaz commented 3 years ago

/test unit

openshift-merge-robot commented 3 years ago

@stlaz: The following test failed, say /retest to rerun all failed tests:

| Test name | Commit | Details | Rerun command |
|---|---|---|---|
| ci/prow/unit | 24572ccd884f9c1ed5ab71132752d3e8c368d8e2 | link | /test unit |

Full PR test history. Your PR dashboard.

sttts commented 3 years ago

I see the build machinery change. Where is the actual change promised in the PR? Still WIP?

stlaz commented 3 years ago

@sttts see the "Commits" tab, it's the second change.

stlaz commented 3 years ago

Renamed the PR; it kind of grew in time as more things needed fixing.

sttts commented 3 years ago

Why do we need constant time comparison?

stlaz commented 3 years ago

it's a precaution to avoid a possible timing attack
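The exchange above is the whole rationale for the change: an ordinary `==` on the client secret returns as soon as the first mismatching byte is found, so response time correlates with how many leading bytes of a presented secret are correct. The following Go snippet is an added illustration, not code from this PR or from osin; it shows the early-exit comparison beside the constant-time form using the standard `crypto/subtle` package, plus a length-hiding variant. The `Client` interface and `checkClientSecret` helper are assumptions for the example, not osin's API.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Client is a minimal stand-in (assumed, not osin's interface) for an OAuth2
// client record that knows its registered secret.
type Client interface {
	GetSecret() string
}

// memClient is a constructed in-memory client used only by this example.
type memClient struct{ secret string }

func (c memClient) GetSecret() string { return c.secret }

// insecureSecretMatch is the pattern the PR replaces: string == (like
// bytes.Equal) stops at the first differing byte, so the time it takes
// depends on how much of the prefix is correct.
func insecureSecretMatch(stored, presented string) bool {
	return stored == presented
}

// constantTimeSecretMatch runs in time that depends only on the input
// length. subtle.ConstantTimeCompare returns 0 straight away when the
// lengths differ, so it hides the content but not the length; for client
// secrets the length is normally not sensitive.
func constantTimeSecretMatch(stored, presented string) bool {
	return subtle.ConstantTimeCompare([]byte(stored), []byte(presented)) == 1
}

// hashedConstantTimeSecretMatch additionally hides the length by comparing
// fixed-size SHA-256 digests of both values. Added variant, not part of the PR.
func hashedConstantTimeSecretMatch(stored, presented string) bool {
	a := sha256.Sum256([]byte(stored))
	b := sha256.Sum256([]byte(presented))
	return subtle.ConstantTimeCompare(a[:], b[:]) == 1
}

// checkClientSecret is the kind of server-side check an OAuth2 token
// endpoint would call (assumed helper). An empty registered secret never
// matches, so a misconfigured client cannot authenticate with "".
func checkClientSecret(c Client, presented string) bool {
	stored := c.GetSecret()
	if stored == "" {
		return false
	}
	return constantTimeSecretMatch(stored, presented)
}

func main() {
	c := memClient{secret: "s3cret-example"} // constructed sample value
	fmt.Println("correct secret:", checkClientSecret(c, "s3cret-example"))
	fmt.Println("wrong secret:  ", checkClientSecret(c, "s3cret-exampl3"))
	fmt.Println("empty stored:  ", checkClientSecret(memClient{}, ""))
	fmt.Println("length-hiding: ", hashedConstantTimeSecretMatch("abc", "abcd"))
}
```

All three matchers agree on the result; the difference is only in how long a mismatch takes to report, which is exactly the side channel the constant-time version removes.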

sttts commented 3 years ago

/lgtm
/approve

openshift-ci-robot commented 3 years ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: stlaz, sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/openshift/osin/blob/master/OWNERS)~~ [stlaz,sttts]

Approvers can indicate their approval by writing `/approve` in a comment
Approvers can cancel approval by writing `/approve cancel` in a comment